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Purpose  of  Briefing 


Provide  an  overview  of  the  objectives, 

findings  and  recommendations  of  the  . . . 

-  Information  Assurance  Modeling  & 

Simulation  (lA  M&S)  State-of-the-Art  Report 
(SOAR) 

•  A  report  jointly  sponsored  by  the  Defense 
Technical  Information  Center  (DTIC’s)  . . . 

-  Information  Assurance  Technology  Analysis  Center 
(lATAC) 

-  Modeling  and  Simulation  Information  Analysis 
Center  (MSIAC) 
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Background 

Types  of  I A  M&S 

Summary,  Conclusions,  Needs 


Definitions 


Information  Operations  (lO) 

-  “Those  actions  taken  to  affect  an  adversary's 
information  and  information  systems  while  defending 
one's  own  information  and  information  systems.”  [1] 

Information  Assurance  (I A) 

-  "Information  Operations  that  protect  and  defend 
information  and  information  systems  by  ensuring  their 
availability,  integrity,  authentication,  confidentiality, 
and  non-repudiation.  This  includes  providing  for  the 
restoration  of  information  systems  by  incorporating 
protection,  detection,  and  reaction  capabilities."  [2] 


"National  Information  Systems  Security  (INFOSEC)  Glossary,"  NSTISSI  No.  4009, 
January  1999. 

"U.S.  Joint  Vision  2020",  OPR  Director  for  Strategic  Plans  and  Policy,  J5,  Strategic 
Division,  available  at:  http:// 


Objective  of  SOAR 


To  develop  an  assessment  of  the  current 
state-of-the-art  of  modeling  and 
simulation  (M&S)  to  support 
Information  Assurance  (lA) 

Collect  information  that  describes: 

-  tools 

-  data 

-  and  other  research  activities 


Target  Audience  &  Benefits 


Primary  audience  of  this  assessment  is  the 
I A  community  within  the  U.S.  Department 
of  Defense  (DoD) 

-  those  people  and  organizations  directly 
responsible  for  the  protection  and  defense  of 
information  and  information  systems. 

Benefits: 

-  help  leverage  existing  knowledge  and 
capabilities  while  avoiding  unnecessary 
duplication  of  effort,  in  turn,  helping  to  foster 
reuse  and  interoperability  of  such  tools. 


Approach 


.  Determine  what 
i/e  want  to  Survey 

Develop  Taxonomy 


Determine  how  to 


get  It 


Create  Questionnaire 
Identify  lO/IA  focused 
orgs  &  POCs 


3.  Go  get  it 


4.  Review  &  Anaiyze  it 


Compile  findings 
Bin  products  into  like 
groupings 

Review  groups  of  products 
Draw  conclusions  from  each 
group 

Draw  overarching 
conclusions 


Circulate  survey  to  individuals 
Broadcast  survey  to  groups  of 
potential  interest 
Conduct  open  literature 
search 


Approach 


.  Determine  what 
i/e  want  to  Survey 


4.  Review  &  Analyze  it  I 


•  Over  1 00  organizations  were  contacted 
•60  unique  products/activities  were  captured, 
described  and  categorized 


2.  Determine  how  to 


get  It 


3.  Go  get  it 
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Definitions,  Objectives,  Approach 

Background 
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Summary,  Conclusions,  Needs 


The  10  “Wheel”  Explains  Why  the 
Study  Looks  at  10  as  well  as  lA 

M&S 


Attacks"  required 
to  study 


Conclusions  from  Similar 
lATAC  Report  of  1997 

"Future  warfighting  capabilities 
depend  on  lA." 

"Metrics  are  needed  for  lA  assessments." 

"Additional  M&S  tools  are  needed  to 
support  lA. " 

lA  M&S  capabilities  are  nascent. " 

One  goal  of  this  new  report  is  to 
understand  what  progress  has  been  made 
the  past  three  years 
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Organizations  Represented  in 

Report  Findings 
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Six  General  Areas  of  lA/IO 
M&S  Activities  &  Tools 


□  Test  & 
Evaluation 
Tools  (5) 


Comm 
Systems 
Performance 
Analysis 
Tools  (10) 


Training  & 
Exercise 
Support 
Tools  (6) 


□  Infrastructure 
Protection 
Tools  (17) 


□  Research 
Activities  (17) 


□  Course  of 
Action  & 
Analysis 
Tools  (11) 


Types  of  lA  M&S  (1  of  3) 

(Not  simulation  for  simulation’s  sake) 

Although  some  activities  seemed  to  fit 
into  more  than  one  category,  all  responses 
were  grouped  into  one  of  the  following: 

-  General  research  /  Body  of  Knowledge  (17) 

•  Research  and/or  databases  that  support  the 
development  of  lA  M&S  tools 

-  Course  of  Action  Planning  and  Analysis  Tools 

(11) 

•  "Providing  Warfighters  the  ability  to  study  and 
analyze  the  accomplishment  of  an  operational 
mission,  resulting  in  a  weighted  cost/benefit 
analysis  of  recommended  or  preferred  options." 


Types  of  lA  M&S  (2  of  3) 


Infrastructure  Protection  Tools  (17) 

-  "Analyzing  the  ability  to  defend,  safeguard,  or 
shield  from  injury,  loss,  or  destruction  a 
framework  of  interdependent  networks  and 
systems." 

General  Communications  Systems 

Performance  Analysis  Tools  (10) 

-  Development  environments  used  to  represent 
the  flow  of  information  through  a 
communications  infrastructure. 


Types  of  lA  M&S  (3  of  3) 


Test  and  Evaluation  Tools  (5) 

-  "Providing  a  set  of  stimuli  (derived  by  simulation  as 
opposed  to  by  human  intervention)  to  a  specific  system 
under  test  so  as  to  augment  and  complement  various 
stages  in  the  material  acquisition  process.” 

Training  and  Exercise  Support  Tools  (6) 

-  "Providing  the  proper  stimuli  to  Warfighters  to 
accurately  reflect  the  conditions  of  an  operational 
mission  so  as  to  support  a  range  of  training  roles, 
spanning  from  stand-alone  maintenance/operator 
trainers  for  individual  use,  to  integrated  crew  level 
training  systems,  to  distributed  training  of  Corps  and 
Echelon  Above  Corps  commanders." 


\ 


Most  active  area  of  activity: 
Infrastructure  Protection  Tools 


Tool 

Sponsor 

■ 

Tool 

Sponsor 

Authentication,  Verification, 
Integrity  Tools  and 

Architecture  (AVITA) 

Litton  PRC 

Link  Builder 

JPO-STC  /  Booz-Allen  & 
Hamilton 

Blitzkrieg  System 

Future  Vision  Group 

Network  Security  Simulator 
(NSS) 

Fred  Cohen  &  Associates 

Denial  of  Service  Attack 
Assessment 

DARPA 

Cyberwar  XXI;  CRISIS  XXI 

US  Air  Force/MITRE/DARPA 

D-Wall 

Fred  Cohen  &  Associates 

SAFEOperations  for  System 
Administrators™ 

ASD/C3I 

EASEL  (Emergent  Algorithm 
Simulation  Environment  and 
Language) 

Carnegie  Mellon's  Computer 
Emergency  Response  Team 
(CERT)  Coordination  Center 

SimuNet 

TeleniX  Corporation 

HEAT 

Sandia  National  Laboratories 

System  Administrators 
Integrated  Network  Tool 
(SAINT) 

World  Wide  Digital  Security 
Inc. 

INFOSEC  Experience-Based 
Training  (lEBT) 

Department  of  Energy  / 
Lawrence  Livermore  National 
Laboratory 

Tactical  Internet  Model  (TIM) 

U.S.  Army  CECOM 

Infrastructure  Damage 
Assessment/  Connectivity 
Analysis  Model  (IDA/CAM) 

National  Communication 
System  /  Booz-Allen  & 
Hamilton 

Visual  Network  Rating 
Methodology 

DARPA  /  National  Security 
Agency  (NSA) 

Internet  Attack  Simulator 
(Maverick) 

US  Army  CECOM  /  General 
Dynamics 

iATA 


Assessment  of 
Infrastructure  Protection  Tools 

1 7  different  tools  described 

Market  forces  likely  driving  investments  in  these 
tools 

-  A  need  to  investigate  ability  to  protect  networks  “off¬ 
line”  without  putting  network  at  risk 

Most  IP  tools  are  in  the  areas  of  network  load 
susceptibility  and  optimization,  which  can 
respectively  predict  and  counter  denial-of-service 
attacks. 

Need  a  taxonomy  of  various  types  of  IP  tools  and 
the  specific  issues  each  one  is  best  at  analyzing. 

-  There  are  so  many  tools  similar  at  the  surface  but  vastly 
different  that  re-use  is  difficult 


Outline 


Definitions,  Objectives,  Approach 
Background 
Types  of  I A  M&S 
Summary,  Conclusions,  Needs 


Summary  of  Findings  - 
The  Bright  Side 


lATA 


Health: 


-  The  overall  state  of  lA/IO  M&S  is  quite 
healthy  today,  as  there  are  many  different 
M&S  tools  being  used  or  under  development 
to  address  a  variety  of  10  and  lA-related 
issues. 

Funding: 


-  In  comparison  to  the  results  of  a  similar 
lATAC  assessment  from  over  three  years 
earlier,  many  more  organizations  are  now 
investing  in  developing  M&S  tools  to 
address  a  variety  of  analytic  needs  that 
incorporate  some  aspect  of  lA. 

Visibility: 

-  The  need  for  continued  investment  in  a 
variety  of  lA/IO  M&S  tools  is  recognized  at 
the  highest  levels  of  DoD. 


Summary  of  Findings — 

The  Dark  Side 


lA/IO  M&S  tool  development  is  still  very 
much  in  its  infancy,  with  much  work 
needed  to  be  done  to  provide  an 
authoritative  body  of  knowledge  to 
Support  future  tool  developments. 


-  It  is  difficult  to  accurately  model  phenomena 
that  we  barely  understand 
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update  of  Conclusions  from 
Similar  lATAC  Report  of  1997 

’’Future  warfighting  capabilities  depend  on  lA.” 

-  There  has  been  considerable  growth  in  the  number  and  diversity  of 
I  A  M&S  tools  at  the  unclassified  level  to  address  a  variety  of  needs. 

’’Metrics  are  needed  for  I A  assessments.” 

-  There  has  been  considerable  progress  made  in  developing  various 
bodies  of  metrics  to  assist  with  I  A  assessments,  though  there  is  still 
a  general  lack  of  authoritative  and  complete  data  sources. 

’’Additional  M&S  tools  are  needed  to  support  lA.” 

-  There  have  been  numerous  lA/IO  course  of  action  tools  developed 
over  the  past  few  years  to  support  prioritization  and  allocation 
decisions  at  varying  levels  of  command  and  various  levels  of  detail. 

“lA  M&S  capabilities  are  nascent.” 

-  Considerable  progress  has  been  made.  The  assessment  indicates 
that  despite  this  progress,  it  seems  the  community  has  only  begun  to 
scratch  the  surface  of  what  is  needed  to  provide  a  robust  set  of 
M&S  tools. 
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Conclusions — 
lA/IO  Body  of  Knowledge  (BOK) 

Much  good  work  has  been  done  in  the  last  few 
years  to  provide  the  foundation  for  the 
development  of  a  BOK  associated  with  lA 
and  10. 

There  appears  to  be  a  need  for  a  roadmap  to 
enable  assessment  of  how  each  of  these  various 
efforts  contributes  to  the  overall  development  of 
the  BOK  as  well  as  to  identify  gaps  that  would  be 
prime  targets  for  future  research. 


lA/IO  M&S  Needs  (1  of  2) 


[  j 

A  common  and  agreed  lA/IO  Body  of 
Knowledge  (BOK),  concentrating  on  establishing 
a  lexicon,  taxonomy  and  set  of  quantitative 
metrics 

More  research  into  human  behavioral  modeling 
to  reflect  the  impact  of  the  operator  and/or 
decision  maker  involved  in  lA/IO  operations 

Tools  that  better  account  for  the  relative  cost 
versus  benefit  of  lA/IO 

A  manner  in  which  to  aggregate  the  detailed 
lA/IO  activities  that  may  occur  within  a  conflict 
into  campaign  and/or  theater-level  effects 


lA/IO  M&S  Needs  (2  of  2) 


A  central  repository  for  all  of  the  above  BOK 
products  and  M&S  tools 

Development  and  promotion  of  standards  that 
incorporate  all  of  the  above  to  facilitate  re-use 
and  interoperability  of  lA/IO  M&S  tools 

Overall  conclusion: 

-  For  lA/IO  M&S  is  to  advance  much  beyond  its  current 
St3.t6  . . . 

•  there  is  a  clear  need  for  a  single  organization  to 

spearhead  such  activities  and  gain  buy-in  from  the  rest  of 
V  the  community. 
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